The Advance Configuration and Power Interface (“ACPI”) specification defines five states:                S0 Working state        S1 Sleeping with processor context maintained        S2 The S2 sleeping state is logically lower than the S1 state and is assumed to conserve more power        S3 The S3 state is logically lower than the S2 state and is assumed to conserve more power.        S4 Hibernate state        S5 Soft off—similar to the S4 state except that operating system does not save context.        
The hibernate state is a popular mobile power saving feature. During a hibernate, a memory image called the “hiber file” (hiberfil.sys) is created and written to disk. The system then shuts off and typically consumes the same amount of power in S4 as it does when the system is completely powered off (S5). Conventionally, when the system is powered on, the system runs through the normal boot process up until the operating system loader is invoked. The operating system loader sees the hiber file on disk and reads that file into memory, and then resumes the system at the point it hibernated the system. To the user, no data is lost and their desktop is restored to how they left it. For instance, if the user had a document open when the user initiated the hibernate, the document is open upon resume from hibernate.
A special form of hibernate is called “critical hibernate”. This typically occurs in response to a low battery alarm firing. In this scenario, it is assumed that there is just enough power to hibernate the system and prevent data loss. Because of this, the system does not allow any blocking calls to applications during a critical hibernate.
Many users employ file encryption (e.g., EFS) on their computer systems, especially mobile systems that can be taken to various location(s) (e.g., unsecured). EFS allows user(s) to know that their sensitive documents are protected, even if the mobile system is stolen. However, conventionally, encryption and hibernate are mutually exclusive as the hiber file is not generally encrypted as in-memory data is not typically encrypted. The hiber file is a compressed copy of the “dirty” page(s) of in-memory data.
Additionally, conventionally, EFS has been an operating system feature. Accordingly, decryption capabilities are not typically available in the pre-operating system environment. Thus, even if a user has encrypted a document on disk, if the document is open on the desktop when the hibernate is initiated, an unencrypted version of the document can be retrieved from the hiber file (e.g., during system reboot).
With ever increasing concerns regarding system security, especially with regard to mobile computer systems, data encryption has proven to be a valuable tool. However, conventionally, even encrypted data that was in use when a system is placed into hibernate state (S4), has been vulnerable upon rebooting of the system.